Speakerbus have been made aware of two vulnerabilities affecting the Telerek UI for ASP.NET AJAX tools, as used in the iManager Centralised Management System (iCMS) configuration portal.

This vulnerability only affects the iCMS solution.

Both CVEs relate to the Telerik ‘RadAsyncUpload’ function. This is used in the following iManager functionality:

Importing corporate directory

Importing user personal directory

Uploading iSeries device feature keys file

These functions are behind a password protected login and are not publicly accessible. Speakerbus have evaluated the exploitation risk as Low. Speakerbus are currently developing a new release of iCMS which protects the Telerik function from exploitation in the future.

The new build is expected to be made available in January 2018.

For further information please contact your regional partner or our service desk. http://www.speakerbus.com/helpdesk/

Speakerbus Inc is pleased to announce and welcome Garry O’Sullivan as the company’s new VP of Operations. Garry will be responsible for Operational management with a specific focus on the Americas, driving customer and operational support, contribute to project governance and delivery, as well as general management responsibilities. Garry joins the Speakerbus team from Gant […]